Help Center Logpoint Docs Idea Portal Logpoint.com

Other Discussions

Share your best battle stories or start a LogPoint related discussion with your peers

  • 23 Topics
  • 25 Replies

23 Topics

A
Anonymous
posted in Other Discussions

Customer Success Roundtable discussion with LogPoint's VP of Customer Success

Join us on the next  Customer Success Roundtable session on August 24 3PM CET  and share your ideas and feedback directly with the VP of Customer Success on how to improve LogPoint products and services. To register, simply send an email to customersuccess@logpoint.com  

0
A
2 years ago
Brian Hansen
LogPoint Team
Brian HansenLogPoint Team
posted in Other Discussions

Customer Success Roundtable and LogPoint Cyber Professionals Panel – sign up for the newsletter today for the registration details!

We will soon be sending out our new Customer Success Newsletter, if you are not already receiving newsletters from LogPoint, sign up here: https://go.logpoint.com/customernewsletter-signupThis issue will contain information about our new Customer Success Roundtable sessions, LogPoint`s Cyber Professionals Panel as well as Fighting the Ransomware war, Machine Learning, UEBA, Sizing Calculator and new integrations. Regards,Brian HansenVP, Customer Success

0
Brian Hansen
LogPoint Team
3 years ago
G
LogPoint Team
Gustav Elkjær RødsgaardLogPoint Team
posted in Other Discussions

Onenote Malicious Attachment as Initial Vector – Detect, Investigate, and Remediate using Logpoint

Attackers are using OneNote files to infiltrate systems by embedding malicious payloads, with OneNote becoming a popular option after macros were disabled.The attack is not new, with techniques ranging from phishing to sharing OneNote files, and payloads including RATs and information stealers.To detect and respond to these attacks, it is recommended to check strings of .one files, monitor OneNote’s child process executions, and check for suspicious use of built-in Windows binaries. Windows and 7-Zip have fixed bugs that allowed malicious file formats to bypass security warnings.The report explores how this attack works and its potential longevity.https://www.logpoint.com/en/blog/onenote-malicious-attachment-as-initial-vector/

0
G
LogPoint Team
1 year ago
A
LogPoint Team
Anders NilssonLogPoint Team
posted in Other Discussions

ESXiArgs Ransomware: never too early to jump the gun

Hi All, We are excited to share our latest blog on ESXiArgs Ransomware by Logpoint Security Researcher, Bibek Thapa Magar.VMware ESXi hypervisor allows organizations to host multiple virtual systems on a single physical server. A global ransomware campaign named “ESXiArgs” is targeting VMware ESXi servers and exploiting a two-year-old vulnerability (CVE-2021-21974). The involvement of other CVEs has been speculated. In October 2022, a custom python backdoor was detected on a VMware ESXi server, which could run remote commands or launch a reverse shell. This backdoor may have a role in the infection routine.Get research and analysis, insight, plus hints and tips, on how to mitigate ESXiArgs in the main blog below.https://www.logpoint.com/en/blog/esxiargs-ransomware/

0
A
LogPoint Team
1 year ago
Rasmus Heiselberg Porse
LogPoint Team
Rasmus Heiselberg PorseLogPoint Team
posted in Other Discussions

A BOLDMOVE by the Chinese Hackers: Exploiting Fortinet Systems

Hi All,We are excited to share our latest blog by Logpoint Security Researcher, Nilaa Maharjan.In this piece, you can read about the zero-day vulnerability Fortinet disclosed in its FortiOS SSL-VPN products in December 2022, which was discovered to have been exploited by ransomware gangs.Get research and analysis, insight, plus hints and tips, on how to mitigate BOLDMOVE with Logpoint in the blog below.Link: https://www.logpoint.com/en/blog/boldmove-exploiting-fortinet-systems/

0
Rasmus Heiselberg Porse
LogPoint Team
1 year ago
Artem Fursenko
Artem FursenkoCommunity Manager
posted in Other Discussions

Idea Portal. Update on visibility and not only

We recently updated our Idea Portal to bring even more privacy and freedom of sharing ideas - for example, it’s no longer showing names of the users voted for the idea, even names of the users commenting it. That should help  to preserve anonymity even when ideas are created from the support ticket.Our team plan to continue improving experience of all “ecosystem” resources like Idea Portal, Service Desk and so on - so we appreciate any feedback from the community about this change - or any other potential changes. Please feel free to comment there - or by any other channel. NB: limited set of Logpoint employees, product managers with sufficient permissions, can still see names of the commentators in the back office of idea portal - to enable direct dialog on any specific feature scenario to be discussed outside idea portal.

0
Artem Fursenko
1 year ago
L
Lucky SinghNew Participant
asked in Other Discussions

User account privileges escalation

is their a method or can their be method, where you can set your user accounts in log point as standard account, when someone need to complete any administrative task a ticket/token can be raised, with time frame limit.  where manager/third person can either approve or reject it request to escalate current of the user account from standard to admin. For account tracking and better account visibility.  Just as in Microsoft 365 security or MDE security portal.

2
Rupsan Shrestha
LogPoint Team
1 year ago
A
Andre KurtzInspiring
asked in Other Discussions

Will LP 6 still receive updates ?

Hello, i have some minor questions regarding LP “policies” regarding security vulnerabilities: Will LogPoint 6 still receive patches to fix security vulnerabilities ? E.g. LP 7.0.1 fixes the polkit vulnerability. As polkit was discovery AFTER the latest patch for LP 6 (6.12.02),  there is a good chance LP6 is affected by it too, but there is no patch available and i didn’t find any informationen that LP 6.12.02 is NOT affected by this vulnerability. I am currently not keen to upgrade my LP installations from 6.12.2 to LP 7, but there have been some vulnerabilities for Linux recently (Log4Shell, polkit, dirty pipe, now zlib) with a good chance of LP being affected by them. If LP6 will not receive patches anymore, i would have to update (fast). Generally speaking, is there any documentation how long the different LP versions are supported ? Also, is there a webseite, newsletter etc to get get a quick overview or (even better) automatic notification when a new LP patches \ software update

3
Artem Fursenko
2 years ago
Ash Scott
Ash ScottInspiring
asked in Other Discussions

Layout Templates import

Hi folks, just a quick one.I noticed on the Layout Templates section of the Reports tab that you can import a template. However, it doesn’t look like you can actually export a template. So, my question is - what kind of template do you import?Is there a specific file format or report schema that needs to be used, or does that option just not do anything at the moment?I did look on this page but there didn’t seem to be an explanation there either.

1
A
2 years ago
A
Anonymous
posted in Other Discussions

Old Community closing down today.

Dear All,We would like to inform you that the old LogPoint Community on https://servicedesk.logpoint.com/hc/en-us/community/posts is closing down today / 25.03.2022 and all community activity will be directed to this community.   

0
A
2 years ago
A
Anonymous
posted in Other Discussions

Customer open hours sessions - limited spots available! :)

We still have a few spots available for our exclusive customer open hour sessions with LogPoint experts from our engineering, customer success, support, and global services teams.You might have questions like:How do I activate SOAR on top of my SIEM V7.0? How do I create a Trigger? Do I need to pay to activate my SOAR? Or something completely different. We are here to help you.The Open Hour sessions are: March 1st 11:00 CET March 3rd 14:00 CETUpgrading to LogPoint 7 is free. Visit the LogPoint Help Center to download LogPoint 7. We look forward to answering your questions and supporting your experiences with LogPoint SIEM+SOAR.

0
A
2 years ago
A
Anonymous
posted in Other Discussions

Exclusive customer open hour sessions with LogPoint experts - Register now!

Are you using LogPoint 7 but have questions about SIEM or SOAR?For a short period we are offering exclusive customer open hour sessions with LogPoint experts from our engineering, customer success, support, and global services teams.You might have questions like:How do I activate SOAR on top of my SIEM V7.0? How do I create a Trigger? Do I need to pay to activate my SOAR? Or something completely different. We are here to help you.The Open Hour sessions are: Feb. 22nd 15:00 CET Feb  24th 13:00 CET March 1st 11:00 CET March 3rd 14:00 CETUpgrading to LogPoint 7 is free. Visit the LogPoint Help Center to download LogPoint 7. We look forward to answering your questions and supporting your experiences with LogPoint SIEM+SOAR.

0
A
2 years ago
A
Anonymous
asked in Other Discussions

Expect prolonged response time from Support due to faults in internet submarine cable supply in the Indian Ocean.

Dear All, We have been informed that  there’s a problem with the under-sea cables between India and Europe resulting in connectivity issues. While work is underway to fully restore internet services at the earliest we are asking for your patience while we are doing our utmost best to ensure that your tickets are all resolved as fast as possible.In the meantime, we encourage you to use this community for instant help on non-critical issues. 

0
A
2 years ago
Brian Hansen
LogPoint Team
Brian HansenLogPoint Team
posted in Other Discussions

Update on Log4j

Dear LogPoint Partner and Customer.Recently, a critical remote code execution vulnerability in Apache log4j  (CVE-2021-44228), was discovered, affecting versions 2.0-2.14.1. Vulnerability status of LogPoint productsAt this time, we have determined that no LogPoint products are affected by the vulnerability.For detailed information about the vulnerability status of each LogPoint product, please consult the table below. If you have any questions about the vulnerability, please contact LogPoint Support or LogPoint Community. Details of vulnerability by LogPoint product  Product Vulnerable? Reason LogPoint 6.12.2 Not affected Log4J v 1.2 used Previous LogPoint versions Not affected Previous versions used UEBA Not affected Log4J v 1.x used LogPoint Agent Not applicable Not used Director Console Not affected Log4J v 1.2 used Director Fabric Not a

2
Brian Hansen
LogPoint Team
2 years ago
T
Tobias WeidemannNew Participant
asked in Other Discussions

Is LogPoint vulnerable to CVE-2021-44228

Hello LogPoint Support / LogPoint Community,regarding the news about the log4j 2 CVE-2021-44228, I’ve been wondering whether log4j Version 2 is in use in the LogPoint Core SIEM or other parts of your product suite.Could you please evaluate this and inform us partners and customers about the probable impact of this CVE?Thanks so much in advance,Tobias Weidemann

3
Brian Hansen
LogPoint Team
2 years ago
A
Anonymous
posted in Other Discussions

Roundtable discussion with LogPoint VP of Customer Success

Join us on the next  Customer Success Roundtable session on October 21 3PM-4PM  CET  and share your ideas and feedback directly with the VP of Customer Success on how to improve LogPoint products and services. To register, simply send an email to customersuccess@logpoint.com

0
A
2 years ago
A
Anonymous
asked in Other Discussions

Send your feature requests directly to the LogPoint Product Team going forward! 🥳😎

We are now launching the LogPoint Ideas portal and would like you to join. Simply click the link below and log in with your existing support credentials, easy as that you are now ready to submit and upvote feature requests. Alternatively, you can always access the Idea Portal from the Community, just go to: homepage→ upper right corner→click Idea PortalJoin here: https://logpoint.ideas.aha.io/  

0
A
2 years ago
Nils Krumey
LogPoint Team
Nils KrumeyLogPoint Team
posted in Other Discussions

Roundtable with LogPoint's Product Manager for UEBA

Hello everyone,I just wanted to direct your attention to a roundtable that we have coming up with Jon Eglisson, our Engineering Manager for UEBA in the CTO office.So if there’s anything you always wanted to know about LogPoint’s UEBA solution this should be an interesting one to attend!You can find the signup link here:  

0
Nils Krumey
LogPoint Team
2 years ago
A
Anonymous
asked in Other Discussions

How to detect stealthy Cobalt Strike activity in your enterprise

 Cobalt Strike, first released in 2012, is a commercial adversary simulation tool and is popular among red teams, pen-testers, and threat actors alike. In essence, Cobalt Strike is a modularized post-exploitation framework that uses covert channels to simulate a threat actor in the organization’s network.Cobalt Strike’s popularity is mainly due to its beacons being stealthy, stable, and highly customizable. The beacons are stealthy due to in-memory execution via reflection into the memory of a process without affecting the file system. Cobalt Strike’s post-exploitation suite includes support for keylogging, command execution, credential dumping, file transfer, port scanning, and more, making the adversary’s job easier. Malleable C2 is another beloved feature of Cobalt Strike that allows attackers to change how its beacons look and mimic other legitimate traffic to stay under the radar.Though the vendor screens the distribution of licenses to security professionals, adversaries were abl

0
A
2 years ago
A
Anonymous
posted in Other Discussions

Think In content available now!

Once again, a big thank you from all of us for joining LogPoint’s ThinkIn 2021!We have collected all of the great keynotes, presentations, and breakout sessions for you to revisit: Thinkin 2021 recordingsIf you haven’t already provided your feedback on Thinkin 2021, we would very much appreciate a few minutes of your time: Take the ThinkIn 2021 survey​​​​​​See you for ThinkIn 2022…

5
markus.nebel@8com.de
3 years ago
A
Anonymous
posted in Other Discussions

ThinkIn feedback wanted

A big thank you from all of us for joining LogPoint’s ThinkIn 2021! As we’re always striving to improve and make the next edition of ThinkIn even better, we would very much appreciate your feedback on ThinkIn 2021. Please take a few minutes to share your impressions here in the comments section or Take the ThinkIn 2021 surveyIf you want to revisit ThinkIn 2021, you can find live recordings of main tracks for the two days here:ThinkIn 2021 – Day 1ThinkIn 2021 – Day 2Stay tuned for recordings of individual keynotes, presentations, and breakout sessions.

6
HansHenrikMoerkholt
3 years ago
A
Andre KurtzInspiring
asked in Other Discussions

Support-Connection - HTTP Proxy settings

Hi, i will need to open a support ticket with LP in the near future as the /opt folder does not have enough free space anymore which prevents the 6.11 updates from being applied.According to the LP documentation following fw rules have to be configured to successfully create a support connection:reverse.logpoint.dk - 1193/UDPcustomer.logpoint.com - 443/TCP My first question:Are these rules still correct ? reverse.logpoint.dk does not seem to exist anymore. Adding these rules to our firewall would not allow our LogPoint to retrieve a support IP.  Second question:I guess that 443/TCP is needed to send some HTTPS traffic back to Logpoint. However, all HTTPS traffic in our network is routed through a forward proxy, and i would like to prevent making an exception for our LPs if it is avoidable. But i can not find any setting in the web-gui allowing me to configure a http proxy on the LogPoint. Is it possible to configure a system wide http proxy via the web-gui or the command line  ? Please

2
A
3 years ago
Basudev Raut
LogPoint Team
Basudev RautLogPoint Team
asked in Other Discussions

Automatic creation of List from process toList command

Wouldn’t it be more handy to get a list created automatically when a process toList command is used in LP Query just like the T-SQL query below which creates a DB table automatically, rather than manually creating a dynamic list every time?SELECT column1, column2, column3, ...INTO newtable [IN externaldb]FROM oldtableWHERE condition;

1
Sandesh Bushal
LogPoint Team
3 years ago

Badge winners

Show all badges
Terms & ConditionsCookie settings